Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ungewöhnlich viele Nat verbindungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.01.2012, 20:01   #1
naractis
 
Ungewöhnlich viele Nat verbindungen - Standard

Ungewöhnlich viele Nat verbindungen



Hallo
Der besagte Laptop macht baut ungewöhnlich viele Nat Verbindungen auf. Gemerkt habe ich das, als ich im Fehler log des Routers (Zyxel P-660HN-F1Z) nach einer gewissen Surfzeit die Meldung "192.168.x.x 192.168.x.x exceeds the max. number of session per host!" erhielt, und das Surfen unerträglich wurde (auch viele Verbindungsabbrüche / Verbindungsprobleme).

Die Nat Table meines Routers war Standartmässig auf 1024 Verbindungen pro IP eingestellt. Diese habe ich auf 2048 erhöht. Als das Problem nach einer Weile erneut auftauchte, erhöhte ich sie auf 3072.

Anstatt am Router herum zu doktern wollte ich lieber von Euch wissen, warum mein Laptop dermassen ungewöhnlich viele Verbindungen aufbaut. (Nein, es laufen keine Filesharing Programme!)

Ein Virusscan mit Avira Antivir und Microsoft Security Essentials haben nichts gefunden.

Code:
ATTFilter
OTL logfile created on: 19.01.2012 19:26:16 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Naractis\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 65.32% Memory free
5.93 Gb Paging File | 4.62 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.69 Gb Total Space | 246.00 Gb Free Space | 54.34% Space Free | Partition Type: NTFS
Drive D: | 13.06 Gb Total Space | 2.03 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
 
Computer Name: NARACTISBOOK | User Name: Naractis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.19 19:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe
PRC - [2011.11.08 15:52:48 | 000,376,704 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\spd.exe
PRC - [2011.11.08 15:52:44 | 001,219,456 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\cfosspeed.exe
PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Naractis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.07.01 14:01:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.05.01 09:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.03 20:02:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2009.12.01 12:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.09.16 16:42:30 | 000,210,216 | ---- | M] (CyberLink) -- c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.08.21 10:07:14 | 000,100,408 | ---- | M] (Hewlett-Packard ) -- C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe
PRC - [2009.07.21 09:34:52 | 000,567,864 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009.07.21 01:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 01:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.03.01 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.16 09:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.09.16 16:42:28 | 000,931,112 | ---- | M] () -- c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.07.21 09:34:52 | 000,567,864 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2008.05.07 21:33:46 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.26 17:14:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.11.08 15:52:48 | 000,376,704 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011.07.01 14:01:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.05.01 09:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.07.18 22:47:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.22 17:29:18 | 000,390,472 | ---- | M] (gogo6, Inc.) [On_Demand | Stopped] -- C:\Programme\gogo6\gogoCLIENT\gogoc.exe -- (gogoc)
SRV - [2009.12.01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.07.21 01:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.01 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2008.09.16 09:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2007.05.31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.08 15:52:52 | 000,972,160 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV - [2011.07.01 14:01:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 14:01:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.02.18 07:20:22 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.23 17:46:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.15 15:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010.06.15 15:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.03.22 17:29:10 | 000,021,064 | ---- | M] (gogo6 Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gogotun.sys -- (gogoTunnelDevice)
DRV - [2010.02.22 16:23:46 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/07/24 16:03:51] [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2010.01.13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.05 21:59:30 | 000,750,592 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009.07.26 21:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009.07.21 01:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.22 07:32:56 | 000,284,928 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.03.06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008.10.22 16:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.09.16 09:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 00:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 46 98 B3 E1 D1 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Naractis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.08.15 08:09:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 10:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.14 12:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 12:48:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.08.15 08:09:50 | 000,000,000 | ---D | M]
 
[2010.07.18 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naractis\AppData\Roaming\mozilla\Extensions
[2012.01.15 21:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naractis\AppData\Roaming\mozilla\Firefox\Profiles\gprpat5c.default\extensions
[2010.07.18 22:56:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naractis\AppData\Roaming\mozilla\Firefox\Profiles\gprpat5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.21 02:17:18 | 000,001,632 | ---- | M] () -- C:\Users\Naractis\AppData\Roaming\Mozilla\Firefox\Profiles\gprpat5c.default\searchplugins\live-search.xml
[2012.01.14 12:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.02 05:13:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\NARACTIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPRPAT5C.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\NARACTIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPRPAT5C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: \Auf gut Gl\u00FCck\-Schnellsuche (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&meta=lr%3Dlang_de&btnI=I%27m+Feeling+Lucky
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Speed Dial = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: AdBlock = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.9.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.11.26 17:06:06 | 000,001,392 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HPToneControl] C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Naractis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Naractis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.39 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA745F0-1068-417F-8401-7ACC5D7A3829}: DhcpNameServer = 194.230.1.39 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60038E5B-62F8-4476-A978-605E47B5FE35}: DhcpNameServer = 138.188.101.186 138.188.101.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED028D9-9E09-4765-83F4-E0547C591A86}: NameServer = 192.168.0.1,192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.19 19:22:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe
[2012.01.19 19:06:34 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Naractis\Desktop\aswMBR.exe
[2012.01.15 13:07:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.14 19:33:07 | 000,750,592 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\Dnetr28u.sys
[2012.01.14 19:33:07 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012.01.14 12:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.14 12:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2012.01.14 12:32:43 | 000,972,160 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2012.01.14 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Naractis\AppData\Local\cFos
[2012.01.14 12:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012.01.14 12:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.01.08 18:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden
[2012.01.08 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden
[2012.01.08 17:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Duden
[2012.01.07 17:10:31 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Naractis\Desktop\putty.exe
[2012.01.04 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\Naractis\AppData\Local\GoPro
[2011.12.26 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm
[2011.12.26 17:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
[2011.12.26 17:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro
[2011.06.15 21:13:05 | 000,219,136 | ---- | C] (TODO: <Company name>) -- C:\Program Files\launcher.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.19 19:27:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 19:27:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 19:26:06 | 000,698,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.19 19:26:06 | 000,654,276 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.19 19:26:06 | 000,149,162 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.19 19:26:06 | 000,122,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.19 19:25:25 | 000,000,512 | ---- | M] () -- C:\Users\Naractis\Desktop\MBR.dat
[2012.01.19 19:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe
[2012.01.19 19:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 19:19:25 | 2390,118,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.19 19:17:20 | 000,000,020 | ---- | M] () -- C:\Users\Naractis\defogger_reenable
[2012.01.19 19:16:13 | 000,050,477 | ---- | M] () -- C:\Users\Naractis\Desktop\Defogger.exe
[2012.01.19 19:06:55 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Naractis\Desktop\aswMBR.exe
[2012.01.19 19:05:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job
[2012.01.19 18:49:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job
[2012.01.19 16:14:56 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job
[2012.01.19 16:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job
[2012.01.14 19:35:20 | 000,000,009 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{0CF68E52-0DF1-47E6-80D9-7474EDE5FB02}
[2012.01.14 12:30:19 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.14 12:07:08 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.12 23:30:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNaractis.job
[2012.01.10 13:40:47 | 002,548,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.07 17:37:00 | 000,000,600 | ---- | M] () -- C:\Users\Naractis\AppData\Local\PUTTY.RND
[2012.01.07 17:10:39 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Naractis\Desktop\putty.exe
[2012.01.07 13:51:18 | 000,002,416 | ---- | M] () -- C:\Users\Naractis\Desktop\Google Chrome.lnk
[2012.01.04 23:17:30 | 000,007,606 | ---- | M] () -- C:\Users\Naractis\AppData\Local\Resmon.ResmonCfg
[2011.12.26 17:02:18 | 000,001,111 | ---- | M] () -- C:\Users\Naractis\Desktop\GoPro CineForm Studio.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.19 19:17:04 | 000,000,020 | ---- | C] () -- C:\Users\Naractis\defogger_reenable
[2012.01.19 19:16:12 | 000,050,477 | ---- | C] () -- C:\Users\Naractis\Desktop\Defogger.exe
[2012.01.19 19:10:20 | 000,000,512 | ---- | C] () -- C:\Users\Naractis\Desktop\MBR.dat
[2012.01.14 19:35:20 | 000,000,009 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{0CF68E52-0DF1-47E6-80D9-7474EDE5FB02}
[2012.01.14 19:33:08 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2012.01.14 19:33:07 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.01.14 12:30:19 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.14 12:07:08 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.01.14 12:06:28 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.10 18:04:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNaractis.job
[2012.01.07 17:15:34 | 000,000,600 | ---- | C] () -- C:\Users\Naractis\AppData\Local\PUTTY.RND
[2011.12.26 17:02:18 | 000,001,111 | ---- | C] () -- C:\Users\Naractis\Desktop\GoPro CineForm Studio.lnk
[2011.09.17 10:06:02 | 000,007,606 | ---- | C] () -- C:\Users\Naractis\AppData\Local\Resmon.ResmonCfg
[2011.06.15 21:13:05 | 000,080,384 | ---- | C] () -- C:\Program Files\phnxdll.dll
[2011.06.15 21:12:55 | 003,297,280 | ---- | C] () -- C:\Program Files\phoenixRC.exe
[2011.06.02 11:40:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.02 11:37:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.04 16:08:31 | 000,001,849 | ---- | C] () -- C:\Users\Naractis\AppData\Roaming\GhostObjGAFix.xml
[2010.10.22 20:21:10 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.10.11 19:34:28 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.11 19:34:28 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.09.25 13:18:02 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.25 13:17:56 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.09.25 13:17:56 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.08.16 23:10:51 | 000,000,600 | ---- | C] () -- C:\Users\Naractis\AppData\Roaming\winscp.rnd
[2010.08.02 05:14:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 18:44:51 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2010.07.23 18:44:51 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AP6RMKV.BIN
[2010.07.23 18:44:51 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2010.07.23 18:44:51 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2010.07.23 18:44:51 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN
[2010.07.23 18:44:51 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2009.08.28 10:52:28 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp1ml3.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,698,998 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,149,162 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,548,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,654,276 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,122,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
 
========== LOP Check ==========
 
[2011.03.08 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\.Kanton ZH
[2011.11.26 17:02:43 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\DAEMON Tools Lite
[2010.07.23 18:39:51 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\DigitalPersona
[2012.01.19 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\Dropbox
[2011.11.11 16:41:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\EVEMon
[2011.09.17 12:42:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\FileZilla
[2010.09.19 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\FreeCommander
[2010.08.31 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\NCH Swift Sound
[2010.07.18 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\Static EMail Backup
[2011.09.17 12:42:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\TS3Client
[2011.05.01 09:24:36 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\TuneUp Software
[2012.01.14 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\uTorrent
[2012.01.19 16:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job
[2012.01.19 19:05:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job
[2012.01.14 01:49:56 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 19:07:34
-----------------------------
19:07:34.376    OS Version: Windows 6.1.7601 Service Pack 1
19:07:34.376    Number of processors: 2 586 0x170A
19:07:34.378    ComputerName: NARACTISBOOK  UserName: Naractis
19:07:40.033    Initialize success
19:08:59.841    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:08:59.841    Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 11
19:08:59.872    Disk 0 MBR read successfully
19:08:59.872    Disk 0 MBR scan
19:08:59.872    Disk 0 Windows 7 default MBR code
19:08:59.888    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       463559 MB offset 2048
19:08:59.904    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13377 MB offset 949370880
19:08:59.919    Disk 0 scanning sectors +976766976
19:08:59.982    Disk 0 scanning C:\Windows\system32\drivers
19:09:11.229    Service scanning
19:09:12.774    Service MpKsl2cc050e4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D53B79D-CCB8-46B9-B8A4-BAC0FE155330}\MpKsl2cc050e4.sys **LOCKED** 32
19:09:12.774    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:09:13.039    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:09:13.663    Modules scanning
19:09:41.088    Disk 0 trace - called modules:
19:09:41.119    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x8594a1f8]<<
19:09:41.119    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683e530]
19:09:41.135    3 CLASSPNP.SYS[8bba059e] -> nt!IofCallDriver -> [0x8683e020]
19:09:41.135    5 hpdskflt.sys[8bb52090] -> nt!IofCallDriver -> [0x86669918]
19:09:41.135    7 ACPI.sys[837ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86714908]
19:09:41.150    \Driver\atapi[0x866fc910] -> IRP_MJ_CREATE -> 0x8594a1f8
19:09:41.166    Scan finished successfully
19:10:20.306    Disk 0 MBR has been saved successfully to "C:\Users\Naractis\Desktop\MBR.dat"
19:10:20.306    The log file has been saved successfully to "C:\Users\Naractis\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 19:23:59
-----------------------------
19:23:59.663    OS Version: Windows 6.1.7601 Service Pack 1
19:23:59.663    Number of processors: 2 586 0x170A
19:23:59.663    ComputerName: NARACTISBOOK  UserName: Naractis
19:24:01.004    Initialize success
19:24:07.873    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:24:07.873    Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 11
19:24:07.904    Disk 0 MBR read successfully
19:24:07.904    Disk 0 MBR scan
19:24:07.904    Disk 0 Windows 7 default MBR code
19:24:07.920    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       463559 MB offset 2048
19:24:07.951    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13377 MB offset 949370880
19:24:07.951    Disk 0 scanning sectors +976766976
19:24:08.045    Disk 0 scanning C:\Windows\system32\drivers
19:24:26.001    Service scanning
19:24:31.273    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:24:31.929    Modules scanning
19:25:04.829    Disk 0 trace - called modules:
19:25:04.845    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS PCIIDEX.SYS msahci.sys 
19:25:05.359    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867c3030]
19:25:05.359    3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x867be918]
19:25:05.359    5 hpdskflt.sys[8ba02090] -> nt!IofCallDriver -> [0x86718938]
19:25:05.375    7 ACPI.sys[8b4a93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866c6908]
19:25:05.375    Scan finished successfully
19:25:25.249    Disk 0 MBR has been saved successfully to "C:\Users\Naractis\Desktop\MBR.dat"
19:25:25.249    The log file has been saved successfully to "C:\Users\Naractis\Desktop\aswMBR.txt"
         
Da der Laptop während des Scanns keine Internetverbindung hatte, ist die aktuelle Nat Tabelle noch nicht so voll. Vielleicht könnt Ihr trotzdem etwas herauslesen.
Code:
ATTFilter
================================Nat session table==============================
Slot Prot   Internal-IP  :Port    Outgoing-IP  :Port    External-IP  :Port  Idle
================================================================================
  12 UDP  192.168.1.35   :58984 188.155.176.227:17046 194.230.1.39   :53    75
  33 TCP  192.168.1.35   :41145 188.155.176.227:24074 62.75.211.133  :6667  47
  36 TCP  192.168.1.33   :49643 188.155.176.227:24504 193.192.226.164:443   16
  48 TCP  192.168.1.35   :50596 188.155.176.227:24262 199.59.148.139 :443   26
  60 UDP  192.168.1.35   :58158 188.155.176.227:16280 194.230.1.39   :53    25
 130 TCP  192.168.1.33   :49528 188.155.176.227:24283 74.125.232.110 :80    17
 142 TCP  192.168.1.35   :47296 188.155.176.227:16285 173.194.70.84  :443   0
 170 UDP  192.168.1.33   :49483 188.155.176.227:19922 194.230.1.39   :53    154
 173 TCP  192.168.1.33   :49516 188.155.176.227:23823 199.47.217.149 :80    36
 177 UDP  192.168.1.35   :51413 188.155.176.227:29710 213.203.152.155:50227 148
 185 UDP  192.168.1.35   :36879 188.155.176.227:20534 194.230.1.39   :53    90
 196 TCP  192.168.1.35   :43140 188.155.176.227:24144 173.194.35.17  :80    0
 217 UDP  192.168.1.35   :47507 188.155.176.227:24532 194.230.1.39   :53    25
 225 TCP  192.168.1.35   :53194 188.155.176.227:11308 222.94.132.134 :10224 6015
 238 UDP  192.168.1.35   :43710 188.155.176.227:24509 194.230.1.39   :53    90
 282 TCP  192.168.1.33   :49633 188.155.176.227:24489 173.194.35.44  :443   39
 309 TCP  192.168.1.35   :33503 188.155.176.227:24535 173.194.35.18  :80    10
 352 UDP  192.168.1.35   :51413 188.155.176.227:29710 80.108.238.72  :57417 117
 376 UDP  192.168.1.35   :38132 188.155.176.227:24534 194.230.1.39   :53    10
 377 TCP  192.168.1.35   :59933 188.155.176.227:24147 173.194.35.17  :443   4
 425 UDP  192.168.1.35   :51413 188.155.176.227:29710 78.86.125.0    :44098 47
 491 UDP  192.168.1.35   :43651 188.155.176.227:24506 194.230.1.39   :53    112
 496 TCP  192.168.1.35   :52742 188.155.176.227:20078 14.209.219.157 :10439 3826
 516 UDP  192.168.1.33   :50969 188.155.176.227:24493 194.230.1.39   :53    162
 518 UDP  192.168.1.35   :51413 188.155.176.227:29710 94.66.185.79   :28115 165
 532 UDP  192.168.1.33   :60440 188.155.176.227:15189 194.230.1.39   :53    91
 548 UDP  192.168.1.35   :45820 188.155.176.227:21985 194.230.1.39   :53    80
 574 TCP  192.168.1.33   :49548 188.155.176.227:24327 74.125.232.117 :443   14
 612 UDP  192.168.1.35   :49271 188.155.176.227:24526 194.230.1.39   :53    81
 622 TCP  192.168.1.35   :59625 188.155.176.227:12971 84.226.250.159 :22224 8277
 626 TCP  192.168.1.33   :49636 188.155.176.227:24496 173.194.35.49  :443   23
 650 UDP  192.168.1.33   :54361 188.155.176.227:18655 194.95.249.23  :36653 23
 708 UDP  192.168.1.35   :51413 188.155.176.227:29710 190.195.13.184 :56963 129
 721 UDP  192.168.1.35   :47947 188.155.176.227:19647 194.230.1.39   :53    112
 729 TCP  192.168.1.35   :56985 188.155.176.227:24098 75.126.76.138  :80    9
 753 UDP  192.168.1.33   :54157 188.155.176.227:24505 194.230.1.39   :53    118
 760 UDP  192.168.1.35   :37653 188.155.176.227:23401 194.230.1.39   :53    80
 783 UDP  192.168.1.33   :49839 188.155.176.227:24488 194.230.1.39   :53    172
 852 UDP  192.168.1.35   :42879 188.155.176.227:24533 194.230.1.39   :53    20
 901 UDP  192.168.1.33   :59453 188.155.176.227:24510 194.230.1.39   :53    96
 949 UDP  192.168.1.33   :46327 188.155.176.227:26029 194.95.249.23  :25903 22
 951 UDP  192.168.1.33   :49839 188.155.176.227:24488 194.230.1.103  :53    178
 956 UDP  192.168.1.35   :51413 188.155.176.227:29710 72.179.50.38   :59883 47
 966 UDP  192.168.1.35   :34999 188.155.176.227:24487 194.230.1.39   :53    180
 977 UDP  192.168.1.33   :51975 188.155.176.227:24503 194.230.1.39   :53    162
 982 UDP  192.168.1.35   :50574 188.155.176.227:14167 217.147.223.78 :123   159
1005 UDP  192.168.1.35   :51413 188.155.176.227:29710 89.113.24.25   :35691 105
1011 TCP  192.168.1.35   :50597 188.155.176.227:12340 199.59.148.139 :443   25
1049 UDP  192.168.1.35   :51413 188.155.176.227:29710 24.82.162.176  :45376 104
1075 UDP  192.168.1.33   :56266 188.155.176.227:24495 194.230.1.39   :53    167
1083 UDP  192.168.1.33   :65409 188.155.176.227:18797 94.245.121.251 :3544  0
1115 TCP  192.168.1.35   :60445 188.155.176.227:16242 95.100.255.178 :80    35
1129 UDP  192.168.1.35   :34977 188.155.176.227:24490 194.230.1.103  :53    175
1152 UDP  192.168.1.35   :51413 188.155.176.227:29710 190.101.73.37  :34433 104
1173 UDP  192.168.1.35   :51413 188.155.176.227:29710 90.30.222.207  :34762 147
1200 TCP  192.168.1.33   :49529 188.155.176.227:24285 178.236.5.51   :80    162
1209 TCP  192.168.1.35   :41657 188.155.176.227:22662 173.194.70.125 :5222  12
1214 UDP  192.168.1.35   :43288 188.155.176.227:24491 194.230.1.39   :53    180
1215 UDP  192.168.1.33   :49874 188.155.176.227:24513 194.230.1.39   :53    101
1234 UDP  192.168.1.33   :61444 188.155.176.227:15660 194.230.1.39   :53    101

================================Summary information=============================
Used:    60, Total:  8000
         

Vielen Dank für Eure Mühe!

Alt 23.01.2012, 12:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewöhnlich viele Nat verbindungen - Standard

Ungewöhnlich viele Nat verbindungen



Kann es sein, dass bei dir im Hintergrund irgendein Filesharingtool läuft? uTorrent ist ja installiert wie ich aus dem Log lese
__________________

__________________

Alt 23.01.2012, 18:42   #3
naractis
 
Ungewöhnlich viele Nat verbindungen - Standard

Ungewöhnlich viele Nat verbindungen



Hi Cosinus,

Nein, es laufen keine Filesharing Programme - ansonsten wären die vielen Verbindungen ganz klar auf das u torrent zurück zu führen... Das kann es also nicht sein.
Ich hab mal noch den standart Eset scan gemacht:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2699bb5b98ed8044bf6e1ab7b6477732
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 10:43:28
# local_time=2012-01-19 11:43:28 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 11260 63541680 90859 0
# compatibility_mode=5893 16776574 100 94 469072 78636015 0 0
# compatibility_mode=8192 67108863 100 0 3733 3733 0 0
# scanned=258409
# found=2
# cleaned=0
# scan_time=8184
C:\Users\Naractis\Downloads\SoftonicDownloader_fuer_artmoney.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Naractis\Downloads\SoftonicDownloader_para_cheat-o-matic.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         
Danke für Deine erste Antwort!
Grüsse Nara
__________________

Alt 23.01.2012, 20:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewöhnlich viele Nat verbindungen - Standard

Ungewöhnlich viele Nat verbindungen



Hm, muss ich überlesen haben in deinem ersten Posting, aber uTorrent sprang so ins Auge...

Hast du schon Malwarebytes laufen lassen? Wenn ja Log posten, wenn nicht Vollscan machen.
Schau mal zB mit sowas wie tcpview nach, damit kann man evtl. einen Prozess als Verursacher für die Verbindungen festmachen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.01.2012, 12:25   #5
naractis
 
Ungewöhnlich viele Nat verbindungen - Standard

Ungewöhnlich viele Nat verbindungen



Hier wäre mal das Malwarebytes Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.23.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Naractis :: NARACTISBOOK [Administrator]

Schutz: Aktiviert

23.01.2012 22:34:37
mbam-log-2012-01-23 (22-34-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435301
Laufzeit: 4 Stunde(n), 17 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\phnxdll.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Und hier 2 Logs von TCP view. Ich wess allerdings nicht, was "normal" ist. Ob z.B. der SVC host ungewöhnlich viele Verbindungen macht...

Code:
ATTFilter
[System Process]	0	TCP	Naractisbook	wsd	localhost	49523	TIME_WAIT										
AppleMobileDeviceService.exe	1560	TCP	Naractisbook	27015	Naractisbook	0	LISTENING										
AppleMobileDeviceService.exe	1560	TCP	Naractisbook	49156	localhost	5354	ESTABLISHED										
AppleMobileDeviceService.exe	1560	UDP	Naractisbook	54524	*	*											
AppleMobileDeviceService.exe	1560	UDP	Naractisbook	54525	*	*											
chrome.exe	4988	TCP	naractisbook	49513	fa-in-f138.1e100.net	http	ESTABLISHED										
chrome.exe	4988	TCP	naractisbook	49514	fa-in-f138.1e100.net	http	ESTABLISHED	3	2'598	3	1'125						
chrome.exe	4988	TCP	naractisbook	49515	178.236.4.41	http	ESTABLISHED	1	447	1	159						
chrome.exe	4988	TCP	naractisbook	49518	fa-in-f154.1e100.net	http	ESTABLISHED										
chrome.exe	4988	TCP	naractisbook	49520	193.192.226.155	https	ESTABLISHED	1	37	2	387						
chrome.exe	4988	TCP	naractisbook	49521	www.digitec.ch	http	ESTABLISHED	1	924	1	435						
Dropbox.exe	3016	TCP	Naractisbook	17500	Naractisbook	0	LISTENING	120	13'320	120	13'320						
Dropbox.exe	3016	TCP	Naractisbook	19872	localhost	49165	ESTABLISHED										
Dropbox.exe	3016	TCP	Naractisbook	49165	localhost	19872	ESTABLISHED										
Dropbox.exe	3016	TCP	naractisbook	49169	sjc-not10.sjc.dropbox.com	http	ESTABLISHED	10	1'910	10	1'790						
Dropbox.exe	3016	UDP	Naractisbook	17500	*	*											
lsass.exe	580	TCP	Naractisbook	49155	Naractisbook	0	LISTENING										
lsass.exe	580	TCPV6	naractisbook	49155	naractisbook	0	LISTENING										
mDNSResponder.exe	1628	TCP	Naractisbook	5354	Naractisbook	0	LISTENING										
mDNSResponder.exe	1628	TCP	Naractisbook	5354	localhost	49156	ESTABLISHED										
mDNSResponder.exe	1628	UDP	naractisbook	5353	*	*		1	42	2	84						
mDNSResponder.exe	1628	UDP	Naractisbook	54526	*	*											
mDNSResponder.exe	1628	UDPV6	[0:0:0:0:0:0:0:1]	5353	*	*											
mDNSResponder.exe	1628	UDPV6	naractisbook	54527	*	*											
PnkBstrA.exe	2172	UDP	Naractisbook	44301	*	*											
services.exe	564	TCP	Naractisbook	49158	Naractisbook	0	LISTENING										
services.exe	564	TCPV6	naractisbook	49158	naractisbook	0	LISTENING										
sidebar.exe	2220	UDP	Naractisbook	61756	*	*											
spd.exe	252	UDP	Naractisbook	889	*	*		46	65'320	46	65'320						
spd.exe	252	UDP	Naractisbook	50095	*	*		34									
spoolsv.exe	1948	TCP	Naractisbook	49157	Naractisbook	0	LISTENING										
spoolsv.exe	1948	TCPV6	naractisbook	49157	naractisbook	0	LISTENING										
svchost.exe	860	TCP	Naractisbook	epmap	Naractisbook	0	LISTENING										
svchost.exe	2916	TCP	Naractisbook	ftps	Naractisbook	0	LISTENING										
svchost.exe	2916	TCP	Naractisbook	dccm	Naractisbook	0	LISTENING										
svchost.exe	2916	TCP	Naractisbook	7438	Naractisbook	0	LISTENING										
svchost.exe	1000	TCP	Naractisbook	49153	Naractisbook	0	LISTENING										
svchost.exe	1192	TCP	Naractisbook	49154	Naractisbook	0	LISTENING										
svchost.exe	524	UDP	Naractisbook	ssdp	*	*		39	18'372	646	116'732						
svchost.exe	524	UDP	naractisbook	ssdp	*	*				2	292						
svchost.exe	1192	UDP	Naractisbook	teredo	*	*											
svchost.exe	1456	UDP	Naractisbook	ws-discovery	*	*				8	4'992						
svchost.exe	524	UDP	Naractisbook	ws-discovery	*	*		2	2'450	4	2'496						
svchost.exe	1456	UDP	Naractisbook	ws-discovery	*	*											
svchost.exe	524	UDP	Naractisbook	ws-discovery	*	*											
svchost.exe	1820	UDP	Naractisbook	llmnr	*	*				18	424						
svchost.exe	524	UDP	naractisbook	50178	*	*		30	3'870								
svchost.exe	524	UDP	Naractisbook	50179	*	*		30	3'870	3	1'176						
svchost.exe	1456	UDP	Naractisbook	52659	*	*											
svchost.exe	1456	UDP	Naractisbook	62382	*	*		4	2'496	2	2'450						
svchost.exe	524	UDP	Naractisbook	62467	*	*											
svchost.exe	1192	UDP	naractisbook	62933	*	*		23	1'361	15	1'635						
svchost.exe	860	TCPV6	naractisbook	epmap	naractisbook	0	LISTENING										
svchost.exe	2916	TCPV6	naractisbook	ftps	naractisbook	0	LISTENING										
svchost.exe	5328	TCPV6	naractisbook	3587	naractisbook	0	LISTENING										
svchost.exe	2916	TCPV6	[0:0:0:0:0:0:0:1]	dccm	naractisbook	0	LISTENING										
svchost.exe	1000	TCPV6	naractisbook	49153	naractisbook	0	LISTENING										
svchost.exe	1192	TCPV6	naractisbook	49154	naractisbook	0	LISTENING										
svchost.exe	524	UDPV6	[0:0:0:0:0:0:0:1]	1900	*	*											
svchost.exe	524	UDPV6	naractisbook	1900	*	*											
svchost.exe	5328	UDPV6	naractisbook	3540	*	*				200	176'920						
svchost.exe	524	UDPV6	naractisbook	3702	*	*											
svchost.exe	1456	UDPV6	naractisbook	3702	*	*											
svchost.exe	1456	UDPV6	naractisbook	3702	*	*											
svchost.exe	524	UDPV6	naractisbook	3702	*	*											
svchost.exe	1820	UDPV6	naractisbook	5355	*	*											
svchost.exe	524	UDPV6	naractisbook	50176	*	*											
svchost.exe	524	UDPV6	[0:0:0:0:0:0:0:1]	50177	*	*				360	134'016		744		2		
svchost.exe	1456	UDPV6	naractisbook	52660	*	*											
svchost.exe	1456	UDPV6	naractisbook	62383	*	*											
svchost.exe	524	UDPV6	naractisbook	62468	*	*											
svchost.exe	1000	UDP	Naractisbook	bootpc	*	*		8	2'400	1	300						
svchost.exe	1456	TCPV6	[0:0:0:0:0:0:0:1]	49522	[0:0:0:0:0:0:0:1]	icslap	ESTABLISHED	1	229	5	5'885						
System	4	TCP	naractisbook	netbios-ssn	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	microsoft-ds	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	icslap	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	wsd	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	10243	Naractisbook	0	LISTENING										
System	4	UDP	naractisbook	netbios-ns	*	*		91	4'550	28	1'400						
System	4	UDP	naractisbook	netbios-dgm	*	*		4	828	4	828						
System	4	TCPV6	naractisbook	microsoft-ds	naractisbook	0	LISTENING										
System	4	TCPV6	naractisbook	icslap	naractisbook	0	LISTENING										
System	4	TCPV6	naractisbook	wsd	naractisbook	0	LISTENING										
System	4	TCPV6	naractisbook	10243	naractisbook	0	LISTENING										
System	4	TCPV6	[0:0:0:0:0:0:0:1]	icslap	[0:0:0:0:0:0:0:1]	49522	ESTABLISHED	2	5'885	1	229						
wininit.exe	508	TCP	Naractisbook	49152	Naractisbook	0	LISTENING										
wininit.exe	508	TCPV6	naractisbook	49152	naractisbook	0	LISTENING										
wmpnetwk.exe	2768	TCP	Naractisbook	rtsp	Naractisbook	0	LISTENING										
wmpnetwk.exe	2768	UDP	Naractisbook	5004	*	*											
wmpnetwk.exe	2768	UDP	Naractisbook	5005	*	*											
wmpnetwk.exe	2768	TCPV6	naractisbook	rtsp	naractisbook	0	LISTENING										
wmpnetwk.exe	2768	UDPV6	naractisbook	5004	*	*											
wmpnetwk.exe	2768	UDPV6	naractisbook	5005	*	*
         
Mir ist aufgefallen, dass wenn ich den Chrome Browser öffne, und er alle Tabs neu lädt (aktuell 13 Tabs), dass dann die Verbindungen auf knapp 200 hinaufschnellen:

Code:
ATTFilter
[System Process]	0	TCP	naractisbook	49527	www-11-05-prn1.facebook.com	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49531	194.230.42.146	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49645	194.126.200.44	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49664	194.126.200.44	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49540	bru01m01-in-f95.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49554	fa-in-f101.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49555	fa-in-f101.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49556	fa-in-f101.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49557	fa-in-f101.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49559	63.131.144.202	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49571	194.230.42.136	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49572	194.230.42.136	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49592	217.192.14.19	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49595	2.16.13.55	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49596	2.16.13.55	http	TIME_WAIT										
[System Process]	0	TCP	Naractisbook	wsd	localhost	49680	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49638	bru01m01-in-f95.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49639	63.131.144.202	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49640	63.131.144.202	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49646	fa-in-f154.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49647	fa-in-f154.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49648	fa-in-f154.1e100.net	http	TIME_WAIT										
[System Process]	0	TCP	naractisbook	49649	fa-in-f154.1e100.net	http	TIME_WAIT										
AppleMobileDeviceService.exe	1560	TCP	Naractisbook	27015	Naractisbook	0	LISTENING										
AppleMobileDeviceService.exe	1560	TCP	Naractisbook	49156	localhost	5354	ESTABLISHED										
AppleMobileDeviceService.exe	1560	UDP	Naractisbook	54524	*	*											
AppleMobileDeviceService.exe	1560	UDP	Naractisbook	54525	*	*											
chrome.exe	4988	TCP	naractisbook	49515	178.236.4.41	http	ESTABLISHED	3	1'341	3	477						
chrome.exe	4988	TCP	naractisbook	49526	www-11-05-prn1.facebook.com	http	ESTABLISHED	2	1'476	10	18'146						
chrome.exe	4988	TCP	naractisbook	49528	194.230.42.152	http	ESTABLISHED	3	1'595	4	1'058						
chrome.exe	4988	TCP	naractisbook	49529	194.230.42.152	http	ESTABLISHED	2	949	3	816						
chrome.exe	4988	TCP	naractisbook	49530	194.230.42.152	http	ESTABLISHED	2	950	3	779						
chrome.exe	4988	TCP	naractisbook	49532	www.digitec.ch	http	ESTABLISHED	12	10'728	14	5'669						
chrome.exe	4988	TCP	naractisbook	49533	www.digitec.ch	http	ESTABLISHED	5	4'541	5	788						
chrome.exe	4988	TCP	naractisbook	49534	www.digitec.ch	http	ESTABLISHED	4	3'549	7	5'787						
chrome.exe	4988	TCP	naractisbook	49535	www.digitec.ch	http	ESTABLISHED	1	909	1	92						
chrome.exe	4988	TCP	naractisbook	49536	www.digitec.ch	http	ESTABLISHED	5	4'505	5	624						
chrome.exe	4988	TCP	naractisbook	49537	www.digitec.ch	http	ESTABLISHED	5	4'391	8	7'357						
chrome.exe	4988	TCP	naractisbook	49538	bru01m01-in-f95.1e100.net	http	ESTABLISHED	3	1'626	3	408						
chrome.exe	4988	TCP	naractisbook	49539	bru01m01-in-f95.1e100.net	http	ESTABLISHED	3	1'629	3	408						
chrome.exe	4988	TCP	naractisbook	49541	www.digitec.ch	http	ESTABLISHED	2	1'686	2	862						
chrome.exe	4988	TCP	naractisbook	49542	www.digitec.ch	http	ESTABLISHED	2	1'695	2	880						
chrome.exe	4988	TCP	naractisbook	49543	www.digitec.ch	http	ESTABLISHED	1	906	1	421						
chrome.exe	4988	TCP	naractisbook	49544	www.digitec.ch	http	ESTABLISHED	1	903	1	439						
chrome.exe	4988	TCP	naractisbook	49545	www.digitec.ch	http	ESTABLISHED	1	899	1	431						
chrome.exe	4988	TCP	naractisbook	49546	www.digitec.ch	http	ESTABLISHED	1	902	1	437						
chrome.exe	4988	TCP	naractisbook	49547	www.digitec.ch	https	ESTABLISHED	3	2'282	3	325						
chrome.exe	4988	TCP	naractisbook	49548	www.digitec.ch	https	ESTABLISHED	3	2'282	5	1'068						
chrome.exe	4988	TCP	naractisbook	49549	www.digitec.ch	https	ESTABLISHED	3	2'266	6	3'784						
chrome.exe	4988	TCP	naractisbook	49550	www.digitec.ch	https	ESTABLISHED	2	1'296	5	3'651						
chrome.exe	4988	TCP	naractisbook	49551	www.digitec.ch	https	ESTABLISHED	2	1'296	5	3'651						
chrome.exe	4988	TCP	naractisbook	49552	www.digitec.ch	https	ESTABLISHED	2	1'296	5	2'271						
chrome.exe	4988	TCP	naractisbook	49553	fa-in-f101.1e100.net	http	ESTABLISHED	13	11'035	13	4'634						
chrome.exe	4988	TCP	naractisbook	49558	63.131.144.202	http	ESTABLISHED	2	1'199	3	2'642						
chrome.exe	4988	TCP	naractisbook	49562	77-59-236-55.static.cablecom.ch	https	ESTABLISHED	1	582	1	59						
chrome.exe	4988	TCP	naractisbook	49564	lb160.pars.cotendo.net	http	ESTABLISHED	18	17'201	29	44'181						
chrome.exe	4988	TCP	naractisbook	49565	lb160.pars.cotendo.net	http	ESTABLISHED	14	14'162	16	8'056						
chrome.exe	4988	TCP	naractisbook	49566	lb160.pars.cotendo.net	http	ESTABLISHED	11	11'189	23	33'753						
chrome.exe	4988	TCP	naractisbook	49567	lb160.pars.cotendo.net	http	ESTABLISHED	13	13'295	15	6'137						
chrome.exe	4988	TCP	naractisbook	49568	lb160.pars.cotendo.net	http	ESTABLISHED	10	10'250	10	3'401						
chrome.exe	4988	TCP	naractisbook	49569	lb160.pars.cotendo.net	http	ESTABLISHED	11	11'355	11	3'753						
chrome.exe	4988	TCP	naractisbook	49570	194.230.42.136	http	ESTABLISHED	2	1'092	2	508						
chrome.exe	4988	TCP	naractisbook	49573	fa-in-f155.1e100.net	http	ESTABLISHED	1	524	1	134						
chrome.exe	4988	TCP	naractisbook	49574	194.230.42.162	http	ESTABLISHED	2	1'092	2	508						
chrome.exe	4988	TCP	naractisbook	49575	194.230.42.162	http	ESTABLISHED	1	546	1	254						
chrome.exe	4988	TCP	naractisbook	49578	www2.vbs.admin.ch	http	ESTABLISHED	2	922	2	2'538						
chrome.exe	4988	TCP	naractisbook	49579	wwwa2.vbs.admin.ch	http	ESTABLISHED	5	2'782	26	157'210						
chrome.exe	4988	TCP	naractisbook	49580	wwwa2.vbs.admin.ch	http	ESTABLISHED	1	547	9	36'114						
chrome.exe	4988	TCP	naractisbook	49581	wwwa2.vbs.admin.ch	http	ESTABLISHED	2	1'097	16	31'464						
chrome.exe	4988	TCP	naractisbook	49594	63.131.144.202	https	ESTABLISHED	2	925	23	23'973						
chrome.exe	4988	TCP	naractisbook	49603	192.168.1.1	http	ESTABLISHED	3	1'300	12	15'073						
chrome.exe	4988	TCP	naractisbook	49604	192.168.1.1	http	ESTABLISHED	1	455	1	86						
chrome.exe	4988	TCP	naractisbook	49605	192.168.1.1	http	ESTABLISHED	1	460	1	86						
chrome.exe	4988	TCP	naractisbook	49606	ec2-184-72-108-160.compute-1.amazonaws.com	https	ESTABLISHED	2	515	3	1'374						
chrome.exe	4988	TCP	naractisbook	49607	mil01s16-in-f16.1e100.net	https	ESTABLISHED	2	465	2	198						
chrome.exe	4988	TCP	naractisbook	49608	fa-in-f84.1e100.net	https	ESTABLISHED	4	1'099	19	14'090						
chrome.exe	4988	TCP	naractisbook	49609	fa-in-f113.1e100.net	https	ESTABLISHED	2	3'220	7	3'008						
chrome.exe	4988	TCP	naractisbook	49610	fa-in-f120.1e100.net	https	ESTABLISHED	8	1'331	13	788						
chrome.exe	4988	TCP	naractisbook	49611	192.168.1.1	http	ESTABLISHED	2	791	6	10'678						
chrome.exe	4988	TCP	naractisbook	49618	194.230.42.162	http	ESTABLISHED	1	546	1	254						
chrome.exe	4988	TCP	naractisbook	49619	194.230.42.154	http	ESTABLISHED	2	1'092	2	508						
chrome.exe	4988	TCP	naractisbook	49621	mil01s16-in-f24.1e100.net	http	ESTABLISHED	1	780	1	136						
chrome.exe	4988	TCP	naractisbook	49623	fra07s07-in-f97.1e100.net	https	ESTABLISHED	5	1'331	5	600						
chrome.exe	4988	TCP	naractisbook	49629	wwwa2.vbs.admin.ch	http	ESTABLISHED	2	1'101	2	2'251						
chrome.exe	4988	TCP	naractisbook	49631	fa-in-f18.1e100.net	https	ESTABLISHED	4	1'151	8	2'604						
chrome.exe	4988	TCP	naractisbook	49633	77-59-236-55.static.cablecom.ch	https	ESTABLISHED	4	2'911	9	7'128						
chrome.exe	4988	TCP	naractisbook	49634	77-59-236-55.static.cablecom.ch	https	ESTABLISHED	2	769	7	5'257						
chrome.exe	4988	TCP	naractisbook	49635	77-59-236-55.static.cablecom.ch	https	ESTABLISHED	4	2'197	8	5'731						
chrome.exe	4988	TCP	naractisbook	49636	77-59-236-55.static.cablecom.ch	https	ESTABLISHED	5	2'927	9	5'864						
chrome.exe	4988	TCP	naractisbook	49637	77-59-236-55.static.cablecom.ch	https	ESTABLISHED	4	2'261	9	5'523						
chrome.exe	4988	TCP	naractisbook	49650	dict-muc.leo.org	http	ESTABLISHED	5	2'972	11	12'833						
chrome.exe	4988	TCP	naractisbook	49651	dict-muc.leo.org	http	ESTABLISHED	2	1'162	7	8'473						
chrome.exe	4988	TCP	naractisbook	49652	dict-muc.leo.org	http	ESTABLISHED	2	1'155	2	1'800						
chrome.exe	4988	TCP	naractisbook	49653	dict-muc.leo.org	http	ESTABLISHED	1	578	1	219						
chrome.exe	4988	TCP	naractisbook	49654	dict-muc.leo.org	http	ESTABLISHED	1	580	4	4'087						
chrome.exe	4988	TCP	naractisbook	49655	dict-muc.leo.org	http	ESTABLISHED	1	580	1	220						
chrome.exe	4988	TCP	naractisbook	49678	89.1.11.151	https	CLOSE_WAIT			1	27		27		1		
Dropbox.exe	3016	TCP	Naractisbook	17500	Naractisbook	0	LISTENING	174	19'314	174	19'314						
Dropbox.exe	3016	TCP	Naractisbook	19872	localhost	49165	ESTABLISHED										
Dropbox.exe	3016	TCP	Naractisbook	49165	localhost	19872	ESTABLISHED										
Dropbox.exe	3016	TCP	naractisbook	49169	sjc-not10.sjc.dropbox.com	http	ESTABLISHED	15	2'865	15	2'685						
Dropbox.exe	3016	UDP	Naractisbook	17500	*	*											
lsass.exe	580	TCP	Naractisbook	49155	Naractisbook	0	LISTENING										
lsass.exe	580	TCPV6	naractisbook	49155	naractisbook	0	LISTENING										
mDNSResponder.exe	1628	TCP	Naractisbook	5354	Naractisbook	0	LISTENING										
mDNSResponder.exe	1628	TCP	Naractisbook	5354	localhost	49156	ESTABLISHED										
mDNSResponder.exe	1628	UDP	naractisbook	5353	*	*		2	84	4	168	42	84	1	2		
mDNSResponder.exe	1628	UDP	Naractisbook	54526	*	*											
mDNSResponder.exe	1628	UDPV6	[0:0:0:0:0:0:0:1]	5353	*	*											
mDNSResponder.exe	1628	UDPV6	naractisbook	54527	*	*											
PnkBstrA.exe	2172	UDP	Naractisbook	44301	*	*											
services.exe	564	TCP	Naractisbook	49158	Naractisbook	0	LISTENING										
services.exe	564	TCPV6	naractisbook	49158	naractisbook	0	LISTENING										
sidebar.exe	2220	UDP	Naractisbook	61756	*	*											
spd.exe	252	UDP	Naractisbook	889	*	*		66	93'720	66	93'720						
spd.exe	252	UDP	Naractisbook	50095	*	*		41									
spoolsv.exe	1948	TCP	Naractisbook	49157	Naractisbook	0	LISTENING										
spoolsv.exe	1948	TCPV6	naractisbook	49157	naractisbook	0	LISTENING										
svchost.exe	860	TCP	Naractisbook	epmap	Naractisbook	0	LISTENING										
svchost.exe	2916	TCP	Naractisbook	ftps	Naractisbook	0	LISTENING										
svchost.exe	2916	TCP	Naractisbook	dccm	Naractisbook	0	LISTENING										
svchost.exe	2916	TCP	Naractisbook	7438	Naractisbook	0	LISTENING										
svchost.exe	1000	TCP	Naractisbook	49153	Naractisbook	0	LISTENING										
svchost.exe	1192	TCP	Naractisbook	49154	Naractisbook	0	LISTENING										
svchost.exe	524	UDP	Naractisbook	ssdp	*	*		81	37'920	988	188'750		438		3		
svchost.exe	524	UDP	naractisbook	ssdp	*	*				2	292						
svchost.exe	1192	UDP	Naractisbook	teredo	*	*											
svchost.exe	1456	UDP	Naractisbook	ws-discovery	*	*				24	14'976						
svchost.exe	524	UDP	Naractisbook	ws-discovery	*	*		6	7'350	12	7'488						
svchost.exe	1456	UDP	Naractisbook	ws-discovery	*	*											
svchost.exe	524	UDP	Naractisbook	ws-discovery	*	*											
svchost.exe	1820	UDP	Naractisbook	llmnr	*	*				28	700						
svchost.exe	524	UDP	naractisbook	50178	*	*		39	4'839								
svchost.exe	524	UDP	Naractisbook	50179	*	*		39	4'839	9	3'528						
svchost.exe	1456	UDP	Naractisbook	52659	*	*											
svchost.exe	1456	UDP	Naractisbook	62382	*	*		12	7'488	6	7'350						
svchost.exe	524	UDP	Naractisbook	62467	*	*											
svchost.exe	1192	UDP	naractisbook	62933	*	*		30	1'788	22	2'398						
svchost.exe	860	TCPV6	naractisbook	epmap	naractisbook	0	LISTENING										
svchost.exe	2916	TCPV6	naractisbook	ftps	naractisbook	0	LISTENING										
svchost.exe	5328	TCPV6	naractisbook	3587	naractisbook	0	LISTENING										
svchost.exe	2916	TCPV6	[0:0:0:0:0:0:0:1]	dccm	naractisbook	0	LISTENING										
svchost.exe	1000	TCPV6	naractisbook	49153	naractisbook	0	LISTENING										
svchost.exe	1192	TCPV6	naractisbook	49154	naractisbook	0	LISTENING										
svchost.exe	524	UDPV6	[0:0:0:0:0:0:0:1]	1900	*	*											
svchost.exe	524	UDPV6	naractisbook	1900	*	*											
svchost.exe	5328	UDPV6	naractisbook	3540	*	*				290	256'534						
svchost.exe	524	UDPV6	naractisbook	3702	*	*											
svchost.exe	1456	UDPV6	naractisbook	3702	*	*											
svchost.exe	1456	UDPV6	naractisbook	3702	*	*											
svchost.exe	524	UDPV6	naractisbook	3702	*	*											
svchost.exe	1820	UDPV6	naractisbook	5355	*	*											
svchost.exe	524	UDPV6	naractisbook	50176	*	*											
svchost.exe	524	UDPV6	[0:0:0:0:0:0:0:1]	50177	*	*				526	195'960						
svchost.exe	1456	UDPV6	naractisbook	52660	*	*											
svchost.exe	1456	UDPV6	naractisbook	62383	*	*											
svchost.exe	524	UDPV6	naractisbook	62468	*	*											
svchost.exe	1456	TCPV6	[0:0:0:0:0:0:0:1]	49679	[0:0:0:0:0:0:0:1]	icslap	ESTABLISHED	1	229	5	5'885						
System	4	TCP	naractisbook	netbios-ssn	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	microsoft-ds	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	icslap	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	wsd	Naractisbook	0	LISTENING										
System	4	TCP	Naractisbook	10243	Naractisbook	0	LISTENING										
System	4	UDP	naractisbook	netbios-ns	*	*		128	6'400	40	2'000	50		1			
System	4	UDP	naractisbook	netbios-dgm	*	*		5	1'029	5	1'029						
System	4	TCPV6	naractisbook	microsoft-ds	naractisbook	0	LISTENING										
System	4	TCPV6	naractisbook	icslap	naractisbook	0	LISTENING										
System	4	TCPV6	naractisbook	wsd	naractisbook	0	LISTENING										
System	4	TCPV6	naractisbook	10243	naractisbook	0	LISTENING										
System	4	TCPV6	[0:0:0:0:0:0:0:1]	icslap	[0:0:0:0:0:0:0:1]	49679	ESTABLISHED	2	5'885	1	229						
wininit.exe	508	TCP	Naractisbook	49152	Naractisbook	0	LISTENING										
wininit.exe	508	TCPV6	naractisbook	49152	naractisbook	0	LISTENING										
wmpnetwk.exe	2768	TCP	Naractisbook	rtsp	Naractisbook	0	LISTENING										
wmpnetwk.exe	2768	UDP	Naractisbook	5004	*	*											
wmpnetwk.exe	2768	UDP	Naractisbook	5005	*	*											
wmpnetwk.exe	2768	TCPV6	naractisbook	rtsp	naractisbook	0	LISTENING										
wmpnetwk.exe	2768	UDPV6	naractisbook	5004	*	*											
wmpnetwk.exe	2768	UDPV6	naractisbook	5005	*	*
         

Danach räumt er die Verbindungen sukzessive auf, bis sie dann bei ungefähr 90 stagnieren (oberes Log)

Eine Erklärung wäre:
Der Router löscht die veralteten Verbindungen in der Nat Table zu langsam -> das führt dazu, dass die Table überläuft.
Jedoch: Die anderen Computer sind auch mit dem Chrome Browser am Surfen, und diese haben das Problem nicht...

Ich danke Herzlich, dass Du dich so für mein Problem engagierst!

Freundliche Grüsse,
Nara


Alt 24.01.2012, 13:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewöhnlich viele Nat verbindungen - Standard

Ungewöhnlich viele Nat verbindungen



Zitat:
svchost.exe 524 UDP Naractisbook ssdp * * 39 18'372 646 116'732
svchost.exe 524 UDP naractisbook ssdp * * 2 292
Beende mal den SSDP-Suchdienst auf deiner Windows-Kiste (Computerverealtung/Dinste bzw. services.msc) und beobachte von neuem mit tcpview
__________________
--> Ungewöhnlich viele Nat verbindungen

Antwort

Themen zu Ungewöhnlich viele Nat verbindungen
adblock, adobe, antivir, autorun, avast, avira, bho, bonjour, classpnp.sys, defender, email, exceeds the max. number of session per host, explorer, fehler, firefox, format, ftp, google, helper, hängen, langs, limited.com/facebook, log file, logfile, microsoft security, microsoft security essentials, nat table, nat verbindungen, registry, security, software, static, synology, udp, updates, version=1.0, warum, webcheck, windows



Ähnliche Themen: Ungewöhnlich viele Nat verbindungen


  1. Computer ungewöhnlich langsam
    Plagegeister aller Art und deren Bekämpfung - 17.10.2015 (9)
  2. Langsames Internet/hoher Ping seit kurzer Zeit (zu viele TCP Verbindungen?)
    Plagegeister aller Art und deren Bekämpfung - 09.09.2015 (5)
  3. Arbeitspeicherauslastung ungewöhnlich Hoch
    Plagegeister aller Art und deren Bekämpfung - 28.10.2014 (1)
  4. netstat - a zeigt viele Verbindungen
    Log-Analyse und Auswertung - 29.06.2014 (7)
  5. Viele Verbindungen = Langsames Internet?
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (5)
  6. Netstat zeigt sehr viele verbindungen an
    Plagegeister aller Art und deren Bekämpfung - 30.10.2013 (6)
  7. Internet stark verlangsamt. Ungewöhnlich viele Browser-Prozesse (dragon.exe*32)
    Log-Analyse und Auswertung - 17.09.2013 (23)
  8. service.exe stellt ständig sehr viele Verbindungen mit dem Internet her
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (1)
  9. Viele einkommende verbindungen
    Plagegeister aller Art und deren Bekämpfung - 16.10.2011 (1)
  10. Internetverbindung wird plötzich getrennt (zu viele verbindungen?)
    Log-Analyse und Auswertung - 31.01.2011 (1)
  11. Hatte eine smitfraud Variante auf einem Rechner und viele viele andere malware
    Log-Analyse und Auswertung - 06.01.2011 (0)
  12. Pc zu laut ungewöhnlich :S
    Netzwerk und Hardware - 19.10.2010 (15)
  13. svchost.exe, Browser und Messenger öffnen extrem viele Verbindungen
    Plagegeister aller Art und deren Bekämpfung - 28.06.2010 (1)
  14. Viele Verbindungen nach Win-Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 22.11.2009 (1)
  15. Laptop ungewöhnlich langsam!
    Log-Analyse und Auswertung - 28.08.2008 (1)
  16. PC ungewöhnlich langsam
    Log-Analyse und Auswertung - 11.08.2008 (2)
  17. Mögliche Infektion / Viele Verbindungen
    Plagegeister aller Art und deren Bekämpfung - 07.06.2008 (3)

Zum Thema Ungewöhnlich viele Nat verbindungen - Hallo Der besagte Laptop macht baut ungewöhnlich viele Nat Verbindungen auf. Gemerkt habe ich das, als ich im Fehler log des Routers (Zyxel P-660HN-F1Z) nach einer gewissen Surfzeit die Meldung - Ungewöhnlich viele Nat verbindungen...
Archiv
Du betrachtest: Ungewöhnlich viele Nat verbindungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.